From 12eef67ba2593c8665a56f598ddd6058914e08fd Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Mon, 27 Apr 2020 16:45:53 +0200
Subject: [PATCH] php: Set the sockets permissions when a pool is configured to use them.
---
 library/roles/php-fpm/defaults/main.yml | 6 +++++-
 library/roles/php-fpm/templates/php-fpm-pool.conf.j2 | 8 +++++---
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/library/roles/php-fpm/defaults/main.yml b/library/roles/php-fpm/defaults/main.yml
index b10a8c3..377f4fd 100644
--- a/library/roles/php-fpm/defaults/main.yml
+++ b/library/roles/php-fpm/defaults/main.yml
@@ -8,6 +8,7 @@ phpfpm_remove_php_module: True
 php_from_ppa: False
 php_ppa: ppa:ondrej/php
 php_version: 7.2
+php_run_dir: '/run/php'
 phpfpm_root_dir: '/etc/php/{{ php_version }}'
 phpfpm_base_dir: '{{ phpfpm_root_dir }}/fpm'
@@ -40,12 +41,15 @@ phpfpm_event_mechanism: epoll
 # Pools settings
 phpfpm_default_pool_name: "php-fpm"
+phpfpm_pool_name: "{{ phpfpm_default_pool_name }}"
 phpfpm_remove_default_pool: True
 phpfpm_use_default_template: True
 phpfpm_create_users: True
 phpfpm_default_user: php-fpm
 phpfpm_default_group: '{{ phpfpm_default_user }}'
-phpfpm_default_listen: "127.0.0.1:9000"
+phpfpm_listen_on_socket: False
+phpfpm_default_listen: "{{ php_run_dir }}/{{ phpfpm_pool_name }}.sock"
+#phpfpm_default_listen: "127.0.0.1:9000"
 phpfpm_default_allowed_clients: "127.0.0.1"
 phpfpm_default_pm: "dynamic"
 phpfpm_default_pm_max_children: "50"
diff --git a/library/roles/php-fpm/templates/php-fpm-pool.conf.j2 b/library/roles/php-fpm/templates/php-fpm-pool.conf.j2
index 8e94601..9f95184 100644
--- a/library/roles/php-fpm/templates/php-fpm-pool.conf.j2
+++ b/library/roles/php-fpm/templates/php-fpm-pool.conf.j2
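Review bot: In the second hunk of `library/roles/php-fpm/defaults/main.yml` the new `phpfpm_default_listen` is a Unix socket path while `phpfpm_listen_on_socket` defaults to `False`, so with role defaults the template's `listen.owner`/`listen.group`/`listen.mode` block is skipped for a pool that does listen on a socket. Assuming pools fall back to `phpfpm_default_listen` (that fallback is not visible in this patch), the socket then gets php-fpm's built-in ownership and the web server may be unable to connect, which tends to be worked around by widening the mode by hand. Tie the two settings together, for example `phpfpm_default_listen: "{{ (php_run_dir ~ '/' ~ phpfpm_pool_name ~ '.sock') if phpfpm_listen_on_socket else '127.0.0.1:9000' }}"`, and drop the commented-out `#phpfpm_default_listen` line. Also note that `phpfpm_default_allowed_clients` only applies to TCP listeners, so on a socket the file permissions are the only access control.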
@@ -28,9 +28,11 @@ listen.allowed_clients = {{ item.allowed_clients | default ('127.0.0.1') }}
 ; BSD-derived systems allow connections regardless of permissions.
 ; Default Values: user and group are set as the running user
 ; mode is set to 0666
-;listen.owner = nobody
-;listen.group = nobody
-;listen.mode = 0666
+{% if phpfpm_listen_on_socket %}
+listen.owner = {{ item.user }}
+listen.group = www-data
+listen.mode = 0660
+{% endif %}
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
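Review bot: `listen.group = www-data` is hard-coded, and the block is gated on the role-wide `phpfpm_listen_on_socket` rather than on what this pool actually listens on. On a host whose web server runs under a different group the 0660 socket is unreachable, and a pool given a socket path while the flag is false gets no ownership lines at all; both cases invite a manual widening of the mode. Take the group from a variable with a per-pool override, e.g. `listen.group = {{ item.listen_group | default(phpfpm_listen_group) }}` where `listen_group` is a new per-pool key and `phpfpm_listen_group: 'www-data'` a new role default, and consider gating on the pool's own listen value. The retained comment above still says the default mode is 0666, so a short comment such as `; Socket is restricted to the pool user and the web server group` would record why 0660 was chosen. The surrounding template lies outside the hunk, so how `listen` itself is rendered is not visible here.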